A deepfake is synthetic audio, image, or video created by AI-powered tools that use real voice and image samples to make a convincing digital copy of a person, which adversaries use to impersonate them and commit fraud (CED 1.4.A.1).
A deepfake is a fake that's so good it fools you. Adversaries feed AI-powered tools real samples of someone's voice and face, and the tool builds a digital avatar that can talk, move, and sound just like the real person. That avatar can then show up on a phone call or a video call pretending to be your boss, a relative, or a bank rep.
In AP Cybersecurity, this lives under EK 1.4.A.1: adversaries use AI to clone a person so they can impersonate them, which leads to financial loss or leaked sensitive information. The danger grows as more organizations adopt voice-based authentication. If your voice unlocks an account, a cloned voice becomes a master key. That's why a believable fake isn't just creepy, it's a direct path into systems and money.
Deepfakes sit in Unit 1: Introduction to Security, topic 1.4 AI-Based Cybersecurity Attacks. They're the headline example for learning objective AP Cybersecurity 1.4.A, which asks you to explain how adversaries use AI-powered tools to augment cyberattacks. They also pull in 1.4.B, the defense side, because the whole point of studying the attack is knowing how to stop it. Deepfakes connect the abstract idea of AI to a concrete threat: impersonation that beats the human eye and ear, and sometimes beats authentication systems too.
Keep studying AP Cybersecurity Unit 1
Visual cheatsheet
view galleryVoice Cloning (Unit 1)
Voice cloning is the audio-only version of a deepfake. A deepfake video and a cloned voice both start the same way: feed the AI real samples, get back a convincing fake. Voice cloning matters most where companies use voice-based authentication, since a clone can defeat it.
Generative AI Attack (Unit 1)
A deepfake is one flavor of generative AI attack. The same broad capability that lets an LLM write a flawless phishing email (EK 1.4.A.2) also lets a model generate a fake face or voice. They're siblings under the same AI-powered-attack umbrella.
Multifactor Authentication (Unit 1)
MFA is the answer to the deepfake threat. Even if an adversary clones your voice to pass voice authentication, a second factor stops them from getting in (EK 1.4.B.2). This is the textbook 'attack meets defense' pairing for topic 1.4.
OSINT (Unit 1)
Deepfakes need raw material, and open-source intelligence is where adversaries find it. Public videos, podcast clips, and social posts give an attacker the voice and image samples needed to build a convincing fake of you.
Expect deepfakes on multiple-choice questions asking you to identify how adversaries use generative AI in cyberattacks, like the practice stem 'Which of the following is an example of how adversaries use generative AI in cyberattacks?' The right answer describes AI cloning a person to impersonate them. You should be able to do two things: recognize a deepfake or voice-cloning scenario as an AI-augmented attack (1.4.A), and pair it with the correct defense, usually MFA or a shared secret phrase between trusted parties (1.4.B). No released FRQ has used 'deepfake' verbatim, but the term anchors the attack-and-defense reasoning the topic expects.
Voice cloning copies just the audio, the sound of someone's voice. A deepfake is the broader idea that can include cloned video and images, not only sound. Think of voice cloning as the audio piece of the larger deepfake toolkit. Both rely on real samples and both can defeat authentication, but a deepfake can also fool you on a video call where a clone alone cannot.
A deepfake is AI-generated fake audio, image, or video built from real samples to impersonate a specific person (EK 1.4.A.1).
Adversaries use deepfakes to impersonate someone on a call or video chat, leading to financial loss or leaked sensitive information.
Voice-based authentication is especially at risk, because a cloned voice can act as a stolen password.
The main defenses are multifactor authentication (EK 1.4.B.2) and a shared secret phrase known only to trusted parties (EK 1.4.B.1).
Deepfakes are a type of AI-powered cyberattack and live in Unit 1, topic 1.4, under learning objective 1.4.A.
It's synthetic audio or video made by AI-powered tools that use a person's real voice and image samples to create a digital copy of them. Adversaries use it to impersonate someone and commit fraud, as described in EK 1.4.A.1.
Yes, if that system uses voice-based authentication. A cloned voice can pass voice authentication, which is exactly why the CED recommends enabling multifactor authentication so a second factor blocks the attacker (EK 1.4.B.2).
Voice cloning copies only someone's voice, while a deepfake is the broader category that can also fake video and images. Voice cloning is essentially the audio slice of the deepfake threat.
Use multifactor authentication so a cloned voice isn't enough to get in, and set up a shared secret word or phrase with close friends and family to verify identity in high-stakes situations (EK 1.4.B.1 and 1.4.B.2).
Not exactly. A deepfake is one example of an AI-powered cyberattack. Other examples include LLM-written phishing messages and prompt injection, all grouped under topic 1.4.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.